///*
// * Copyright 2020-2023 the original author or authors.
// *
// * Licensed under the Apache License, Version 2.0 (the "License");
// * you may not use this file except in compliance with the License.
// * You may obtain a copy of the License at
// *
// *      https://www.apache.org/licenses/LICENSE-2.0
// *
// * Unless required by applicable law or agreed to in writing, software
// * distributed under the License is distributed on an "AS IS" BASIS,
// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// * See the License for the specific language governing permissions and
// * limitations under the License.
// */
//package com.tgsoft.auth.demo.authentication;
//
//import org.apache.commons.logging.Log;
//import org.apache.commons.logging.LogFactory;
////import com.tgsoft.auth.web.authentication.DeviceClientAuthenticationConverter;
//
//import org.springframework.security.authentication.AuthenticationProvider;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.core.AuthenticationException;
//import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
//import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
//import org.springframework.security.oauth2.core.OAuth2Error;
//import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
//import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
//import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
//import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
//import org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter;
//import org.springframework.util.Assert;
//
///**
// * @author Joe Grandja
// * @author Steve Riesenberg
// * @since 1.1
// * @see DeviceClientAuthenticationToken
// * @see DeviceClientAuthenticationConverter
// * @see OAuth2ClientAuthenticationFilter
// */
//public final class DeviceClientAuthenticationProvider implements AuthenticationProvider {
//	private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-3.2.1";
//	private final Log logger = LogFactory.getLog(getClass());
//	private final RegisteredClientRepository registeredClientRepository;
//
//	public DeviceClientAuthenticationProvider(RegisteredClientRepository registeredClientRepository) {
//		Assert.notNull(registeredClientRepository, "registeredClientRepository cannot be null");
//		this.registeredClientRepository = registeredClientRepository;
//	}
//
//	@Override
//	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
//		DeviceClientAuthenticationToken deviceClientAuthentication =
//				(DeviceClientAuthenticationToken) authentication;
//
//		if (!ClientAuthenticationMethod.NONE.equals(deviceClientAuthentication.getClientAuthenticationMethod())) {
//			return null;
//		}
//
//		String clientId = deviceClientAuthentication.getPrincipal().toString();
//		RegisteredClient registeredClient = this.registeredClientRepository.findByClientId(clientId);
//		if (registeredClient == null) {
//			throwInvalidClient(OAuth2ParameterNames.CLIENT_ID);
//		}
//
//		if (this.logger.isTraceEnabled()) {
//			this.logger.trace("Retrieved registered client");
//		}
//
//		if (!registeredClient.getClientAuthenticationMethods().contains(
//				deviceClientAuthentication.getClientAuthenticationMethod())) {
//			throwInvalidClient("authentication_method");
//		}
//
//		if (this.logger.isTraceEnabled()) {
//			this.logger.trace("Validated device client authentication parameters");
//		}
//
//		if (this.logger.isTraceEnabled()) {
//			this.logger.trace("Authenticated device client");
//		}
//
//		return new DeviceClientAuthenticationToken(registeredClient,
//				deviceClientAuthentication.getClientAuthenticationMethod(), null);
//	}
//
//	@Override
//	public boolean supports(Class<?> authentication) {
//		return DeviceClientAuthenticationToken.class.isAssignableFrom(authentication);
//	}
//
//	private static void throwInvalidClient(String parameterName) {
//		OAuth2Error error = new OAuth2Error(
//				OAuth2ErrorCodes.INVALID_CLIENT,
//				"Device client authentication failed: " + parameterName,
//				ERROR_URI
//		);
//		throw new OAuth2AuthenticationException(error);
//	}
//
//}